1. Technical Field
The present disclosure relates generally to the field of communications systems, and more particularly in one exemplary embodiment to switching between access control clients in a controlled manner
2. Description of Related Technology
Access control is required for secure communication in most prior art wireless radio communication systems. As an example, one simple access control scheme might include: (i) verifying the identity of a communicating party, and (ii) granting a level of access commensurate with the verified identity. Within the context of an exemplary cellular system (e.g., Universal Mobile Telecommunications System (UMTS)), access control is governed by an access control client, referred to as a Universal Subscriber Identity Module (USIM) executing on a physical Universal Integrated Circuit Card (UICC). The USIM access control client authenticates the subscriber to the UMTS cellular network. After successful authentication, the subscriber is allowed access to the cellular network. As used hereinafter, the term “access control client” refers generally to a logical entity, either embodied within hardware or software, suited for controlling access of a first device to a network. Common examples of access control clients include the aforementioned USIM, CDMA Subscriber Identification Modules (CSIM), Internet Protocol (IP) Multimedia Services Identity Module (ISIM), Subscriber Identity Modules (SIMs), Removable User Identity Modules (RUIM), etc.
Incipient research is directed to virtualization of access control clients. For example, an electronic Subscriber Identity Module (eSIM) is a virtualized access control client that is executed from a secure element within the client device. Virtualized access control clients can provide significant benefits for users and network operators. For example, a user can transfer an eSIM freely between devices; moreover, eSIMs can be flexibly stored, backed up, etc. Network operators can distribute and/or patch eSIMs via software distribution networks. However, due to the sensitive nature of the data used for network access (e.g., cryptographic information) and user information (e.g., account information), the secure element and eSIM must be tightly controlled to prevent e.g., theft, misuse, malicious behavior, etc.
Unfortunately, for reasons described in greater detail herein, network operators have been reluctant to adopt eSIMs due to various perceived security concerns. For example, network operators have expressed some degree of apprehension that unsupervised switching of eSIMs could be misused. To these ends, network operators have required that eSIMs can only be transacted with network supervision. While supervised solutions may alleviate security concerns, such tight control effectively negates many of the advantages offered by eSIM technologies.
Accordingly, improved methods and apparatus for eSIM switching are needed. More generally, such solutions should ideally offer reasonable management capabilities for network operators, without compromising the flexibility of virtualized access control clients.